Add documentation comments for Nebula constants

Describe where the new constants come from and link to the original
issue which describes the protocol design.

components/p3a/constellation_helper.cc

@@ -27,7 +27,23 @@ namespace p3a {
 
 namespace {
 
+// Probability of submitting a true report in the Nebula protocol
+//
+// This is computed from the differential privacy budget ε = 1.0 as
+//
+//     kNebulaParticipationRate = alpha * (1 - exp(-epsilon))
+//
 constexpr double kNebulaParticipationRate = 0.105;
+
+// Probability of submitting a randomized response in the Nebula protocol
+//
+// This sets the fraction of clients not participating by submitting
+// a true report for threshold aggregration which instead submit a
+// privacy-enhancing dummy report. It must be sufficiently large to
+// provide privacy coverage for the size of the P3A question domain,
+// but values significantly less than 1.0 improve bandwidth efficiency
+// by reducing the number of reports clients must send which will not
+// be aggregated.
 constexpr double kNebulaScramblingRate = 0.05;
 
 bool CheckParticipationAndScrambleForNebula(std::vector<std::string>* layers) {

components/p3a/constellation_helper.h

@@ -25,7 +25,22 @@ class SharedURLLoaderFactory;
 
 namespace p3a {
 
+// Heuristic aggregation threshold used for STAR/Constellation
 inline constexpr size_t kConstellationDefaultThreshold = 50;
+
+// Aggregation threshold used for Nebula
+//
+// This is derived from the differential privacy paramaters
+// ε = 1.0 (the privacy budget) and δ = 1.0e-8 (should be
+// less than the reciprocal of the number of clients) along
+// with a parameter α = 1/6 which adjusts the tradeoff between
+// this threshold and the sampling probability.
+//
+// This aggregation threshold is computed as
+//
+//     kNebulaThreshold = ceil(log(1.0/delta) / Ca)
+//     where Ca = log(1.0/alpha) - 1.0 / (1.0 + alpha)
+//
 inline constexpr size_t kNebulaThreshold = 20;
 
 struct P3AConfig;

components/p3a/features.cc

@@ -9,18 +9,27 @@
 namespace p3a {
 namespace features {
 
+// Report answers to P3A questions encrypted to the STAR/Constellation
+// threshold aggregation scheme.
 BASE_FEATURE(kConstellation,
              "BraveP3AConstellation",
              base::FEATURE_ENABLED_BY_DEFAULT);
+// Verify Constellation randomness server secure enclave certificate.
 BASE_FEATURE(kConstellationEnclaveAttestation,
              "BraveP3AConstellationEnclaveAttestation",
              base::FEATURE_DISABLED_BY_DEFAULT);
+// Disable reporting answers over direct https+json
+// for typical (weekly) cadence P3A questions.
 BASE_FEATURE(kTypicalJSONDeprecation,
              "BraveP3ATypicalJSONDeprecation",
              base::FEATURE_DISABLED_BY_DEFAULT);
+// Disable reporting answers over direct https+json
+// for other (daily or monthly) cadence P3A questions.
 BASE_FEATURE(kOtherJSONDeprecation,
              "BraveP3AOtherJSONDeprecation",
              base::FEATURE_DISABLED_BY_DEFAULT);
+// Report P3A responses with "Nebula" differential privacy
+// sampling enabled. See https://github.com/brave/brave-browser/issues/35841
 BASE_FEATURE(kNebula,
              "BraveP3ADifferentialSampling",
              base::FEATURE_DISABLED_BY_DEFAULT);

components/p3a/metric_names.h

@@ -366,6 +366,12 @@ inline constexpr auto kHistogramsWithRefcodeIncluded =
 });
 
 // List of metrics that should be protected by Nebula.
+//
+// We intend to apply Nebula to all questions by default,
+// subject to verification that it behaves as expected.
+// This list tests a small number of questions to confirm
+// this, and should be removed or converted to an exception
+// list once we're satisfied with the implementation.
 inline constexpr auto kNebulaOnlyHistograms =
   base::MakeFixedFlatSet<std::string_view>(base::sorted_unique,{
     "Brave.AIChat.ChatCount.Nebula",